[DSE-Dev] Bug#738946: selinux-policy-default: Bind's ndc_t denied block_suspend on epollwakeup
Devin Carraway
devin at debian.org
Fri Feb 14 06:05:14 UTC 2014
Package: selinux-policy-default
Version: 2:2.20140206-1
Severity: normal
ndc_t being prevented from block_suspend on itself:
Feb 13 00:46:38 a6 kernel: [ 541.076682] type=1400 audit(1392281198.624:176): avc: denied { block_suspend } for pid=4506 comm="rndc" capability=36 scontext=system_u:system_r:ndc_t:s0 tcontext=system_u:system_r:ndc_t:s0 tclass=capability2
This also came up in Red Hat Bug#895070 but the fix was seemingly never pushed
upstream.
Patch attached.
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-updates'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.12-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages selinux-policy-default depends on:
ii libpam-modules 1.1.3-9
ii libselinux1 2.2.2-1
ii libsepol1 2.2-1
ii policycoreutils 2.2.5-1
ii python 2.7.5-5
ii selinux-utils 2.2.2-1
Versions of packages selinux-policy-default recommends:
ii checkpolicy 2.2-1
ii setools 3.3.8-3
Versions of packages selinux-policy-default suggests:
pn logcheck <none>
pn syslog-summary <none>
-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission denied: u'/etc/selinux/default/modules/active/file_contexts.local'
-- debconf-show failed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: refpolicy-ndc_t-block_suspend.patch
Type: text/x-diff
Size: 1014 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20140213/8f975b9b/attachment.patch>
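
The denial quoted in this report, broken into its fields and turned into the rule form `audit2allow` would suggest. This is an added example: it is not part of the original message and not the attached patch, whose contents are not shown here. The helper names `parse_avc`, `context_type` and `candidate_rule` are hypothetical.

```python
import re

# The AVC record exactly as quoted in the report above.
SAMPLE = ('Feb 13 00:46:38 a6 kernel: [ 541.076682] type=1400 '
          'audit(1392281198.624:176): avc: denied { block_suspend } for '
          'pid=4506 comm="rndc" capability=36 '
          'scontext=system_u:system_r:ndc_t:s0 '
          'tcontext=system_u:system_r:ndc_t:s0 tclass=capability2')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the denial's fields as a dict, or None if this is not a usable AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not all(k in fields for k in ('scontext', 'tcontext', 'tclass')):
        return None
    fields['perms'] = m.group('perms').split()
    return fields

def context_type(ctx):
    """A context is user:role:type[:mls-range]; the type is the third field."""
    parts = ctx.split(':')
    if len(parts) < 3:
        raise ValueError('malformed security context: %r' % ctx)
    return parts[2]

def candidate_rule(fields, keyword='allow'):
    """Render a policy rule for the denial; keyword may be 'allow' or 'dontaudit'."""
    src = context_type(fields['scontext'])
    tgt = context_type(fields['tcontext'])
    if tgt == src:
        tgt = 'self'  # same source and target type, as in the ndc_t denial above
    perms = fields['perms']
    perm_str = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return '%s %s %s:%s %s;' % (keyword, src, tgt, fields['tclass'], perm_str)

if __name__ == '__main__':
    print(candidate_rule(parse_avc(SAMPLE)))
```

Whether the permission should be granted with `allow` or silenced with `dontaudit` is a policy decision the parser cannot make.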